Is there any open source solution for FortiClient IPsec VPN as a second factor for 2FA?

Hey everyone! I have an FG 600D with 1000 IPsec users via FortiClient. Is there any open source solution to integrate a second factor (mobile app most preferable) for this?

Maybe try https://www.privacyidea.org/

I have not tested it myself but it seems nice…

Or any other open source solution to implement client vpn with mfa?

Are you asking for an open-source VPN client, or for an open-source 2FA/MFA provider?

You could try SAML with a provider that uses 2FA in the authentication flow. Then the SAML provider will handle the login and MFA options.
An example is authentik.

Back in the day I built one with ForgeRock and FreeRADIUS.

If you’re looking for Open Source, I believe multiOTP is compatible with FreeRADIUS and is a TOTP/HOTP token server. You should be able to use that with any mobile TOTP app such as Google Authenticator.

Implemented that project with LinOTP once, when the pandemic hit and everyone had to switch to WFH. Well, PrivacyIDEA is essentially the same.

Basically you’ll get a management/enrollment web portal (AD-tied) and a web endpoint for 2FA. Then you’ll need a FreeRADIUS installation with the LinOTP plugin pointing to that endpoint.

You could look at either Keycloak or Authentik as SAML providers and use Google Authenticator with them. There are no app-based 2FA solutions that are open source as far as I’m aware.

People still use Dialup IKE in 2023? TIL.

If you want free, use pfSense. You can pinhole it.

Please clarify, are you looking for an open source solution because you want to review the software client source code? Or are you looking for a solution that is no cost?

Vpnhouse seems to suit you, take a closer look, there is a good VPN and an application.

Yes, if I’m not mistaken Vpnhouse provides such conditions. It’s worth a try at least.

This, we use it

Some features require a support contract but the basic MFA with software tokens is free

I’m using FortiClient VPN as a VPN client, and looking for a 2FA provider.

Thanks! Is ForgeRock free?

If you have Azure AD or Google Workspace you can use SAML to auth users with the same MFA as I hope you use for webmail.

One less account for people to remember and one less account to create/remove as users come and go.

It was 9 years ago and yes it was free

Azure AD SSO for FortiClient is really slick as well, have it on a customer site and little to no complaints about it.